The Delegation Authorization Model: A Model For The Dynamic Delegation Of Authorization Rights In A Secure Workflow Management System

A workflow is a coordinated arrangement of related tasks in an automated process, the systematic execution of which, ultimately achieves some goal. Tasks that comprise the workflow process are typically dependent on one another. Security, in a workflow context, involves the implementation of access control security mechanismsto ensure that task dependencies are coordinated and that tasks are performed by authorized subjects only. A Workflow Authorization Model (WAM) [AH96b] has already been developed to enforce security principles on workflows, by addressing the granting and revoking of authorizations in a Workflow Management System (WFMS). This WAM satisfies most criteria required for an optimal access control model for workflows, some of which cannot be met through pure role-based access control (RBAC) mechanisms. This paper addresses the delegation of task authorizations within a workflow process by subjects in the organizational structure. The proposed The Delegation Authorization Model (DAM) will work within the security constraints imposed by the WAM when deciding whether delegations will be approved or denied. It will also take into account the dynamically determined constraints imposed by the DAM itself.